Class-based policing and CAR question
Let's say you want to police all traffic from Class A to 64,000 bps and Class B to 64,000 bps, and that you want to police the combined traffic being sent out an interface to 96,000 bps. I tried this with CAR using the following config:
and it worked as I wanted it to, but when I tried the following config:
I found that the policing on the parent takes place first, so if Class A generates a large amount of traffic, the parent policy ends up policing most of Class B's traffic before it is checked by the child policy and only a little over 64,000 bps total is actually sent out of the interface. Is there any way of achieving the same result that I did with CAR in this example using class-based policing?
access-list 100 permit <Class A match criteria> access-list 101 permit <Class B match criteria> interface Serial0/0 rate-limit output access-group 100 64000 8000 8000 conform-action continue exceed-action drop rate-limit output access-group 101 64000 8000 8000 conform-action continue exceed-action drop rate-limit output 96000 12000 12000 conform-action transmit exceed-action drop
and it worked as I wanted it to, but when I tried the following config:
policy-map child
class ClassA
police cir 64000 bc 8000
conform-action transmit
exceed-action drop
class ClassB
police cir 64000 bc 8000
conform-action transmit
exceed-action drop
policy-map parent
class class-default
police 96000 bc 12000 conform-action transmit exceed-action drop
service-policy child
interface Serial0/0
service-policy output parent
I found that the policing on the parent takes place first, so if Class A generates a large amount of traffic, the parent policy ends up policing most of Class B's traffic before it is checked by the child policy and only a little over 64,000 bps total is actually sent out of the interface. Is there any way of achieving the same result that I did with CAR in this example using class-based policing?
Comments
-
networker050184
Mod Posts: 11,962 Mod
You best bet would probably be to shape on the parent policy and then police in the child. Although I don't see why the current config would have not allowed you to go over 64000 combined.An expert is a man who has made all the mistakes which can be made. -
BennyLava
Member Posts: 60 ■■□□□□□□□□
networker050184 wrote: »You best bet would probably be to shape on the parent policy and then police in the child. Although I don't see why the current config would have not allowed you to go over 64000 combined.
It can allow over 64000, but it depends on the situation. If Class A is sending way more traffic than the policing rate, say 900k, and Class B is sending 60k for a total of 960k, about 9/10 of the traffic will be policed by the parent policy without preference for whether it's Class A traffic or Class B traffic. So, on average about 90k of Class A and 6k of Class B are allowed by the parent policy and compared with the child policy. Class A is policed from 90k to 64k by the child policy and Class B is left alone, so only about 70k total of traffic ends up getting sent. I'm not sure if there's a different way of configuring this with class-based policing that would prevent this from happening. I'm just trying to thinkof situations where CAR might be useful instead of class-based policing.